This is an automated email from the git hooks/post-receive script. hertzog pushed a commit to branch squeeze in repository libxml-libxml-perl.
commit 1aaf9208e438fc906bf01eb8a10ddbf7460a8613
Author: Raphaël Hertzog <hert...@debian.org>
Date: Thu Apr 30 15:14:46 2015 +0200
Fix CVE-2015-3451: expand_entities set to 0 is not preserved after a _clone() call
Backported the upstream patch at https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30/raw/:
* Replaced like() with ok()
* Updated number of test with the older syntax
---
debian/changelog | 8 ++++
debian/patches/CVE-2015-3451.patch | 75 ++++++++++++++++++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 84 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 675dc35..27a55c4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+libxml-libxml-perl (1.70.ds-1+deb6u1) squeeze-lts; urgency=high
+
+ * Security upload by the Debian LTS team.
+ * Fix CVE-2015-3451: expand_entities set to 0 is not preserved after a
+ _clone() call. Backported the upstream patch.
+
+ -- Raphaël Hertzog <hert...@debian.org> Thu, 30 Apr 2015 15:05:14 +0200
+
 libxml-libxml-perl (1.70.ds-1) unstable; urgency=low
 [ Jonathan Yu ]
diff --git a/debian/patches/CVE-2015-3451.patch b/debian/patches/CVE-2015-3451.patch
new file mode 100644
index 0000000..125da55
--- /dev/null
+++ b/debian/patches/CVE-2015-3451.patch
@@ -0,0 +1,75 @@
+Description: Fix CVE-2015-3451: expand_entities set to 0 is not preserved after a _clone() call
+ Preserve unset options after a _clone() call (e.g: in load_xml()).
+Origin: backport, https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30/
+Bug-Debian: http://bugs.debian.org/783443
+
+--- a/LibXML.pm
++++ b/LibXML.pm
+@@ -391,8 +391,11 @@ sub _clone {
+ line_nubers => $self->{XML_LIBXML_LINENUMBERS},
+ base_uri => $self->{XML_LIBXML_BASE_URI},
+ gdome => $self->{XML_LIBXML_GDOME},
+- set_parser_flags => $self->{XML_LIBXML_PARSER_OPTIONS},
+ });
++ # The parser options may contain some options that were zeroed from the
++ # defaults so set_parser_flags won't work here. We need to assign them
++ # explicitly.
++ $new->{XML_LIBXML_PARSER_OPTIONS} = $self->{XML_LIBXML_PARSER_OPTIONS};
+ return $new;
+ }
+
+--- a/t/43options.t
++++ b/t/43options.t
+@@ -3,7 +3,7 @@
+ use Test;
+ use strict;
+ use warnings;
+-BEGIN { plan tests => 289}
++BEGIN { plan tests => 290}
+
+ use XML::LibXML;
+
+@@ -92,6 +92,43 @@ no_network
+ }
+
+ {
++ my $XML = <<'EOT';
++<?xml version="1.0" encoding="UTF-8"?>
++<!DOCTYPE title [ <!ELEMENT title ANY >
++<!ENTITY xxe SYSTEM "file:///etc/passwd" >]>
++<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
++<channel>
++ <title>XXE</title>
++ <link>example.com</link>
++ <description>XXE</description>
++ <item>
++ <title>&xxe;</title>
++ <link>example.com</link>
++ <description>XXE here</description>
++ </item>
++</channel>
++</rss>
++EOT
++
++ my $sys_line = <<'EOT';
++<!ENTITY xxe SYSTEM "file:///etc/passwd"
++EOT
++
++ chomp ($sys_line);
++
++ my $parser = XML::LibXML->new(
++ expand_entities => 0,
++ load_ext_dtd => 0,
++ no_network => 1,
++ expand_xinclude => 0,
++ );
++ my $XML_DOC = $parser->load_xml( string => $XML, );
++
++ # TEST expand_entities is preserved after _clone()/etc.
++ ok(scalar($XML_DOC->toString()), qr/\Q$sys_line\E/);
++}
++
++{
+ my $p = XML::LibXML->new(map { $_=>1 } @all);
+ for (@all) {
+ ok($p->get_option($_)==1);
diff --git a/debian/patches/series b/debian/patches/series
index 7c857d7..8b352c1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 fix_manpage_typos
 fix_errmsg_typo.patch
+CVE-2015-3451.patch
-- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-perl/packages/libxml-libxml-perl.git
_______________________________________________
Pkg-perl-cvs-commits mailing list
Pkg-perl-cvs-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-perl-cvs-commits
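Review bot: The regression test added to t/43options.t only asserts that the `<!ENTITY xxe SYSTEM ...>` declaration is still present in `$XML_DOC->toString()`, which is a weak proxy for the property being fixed — as far as I can tell libxml2 serializes the internal subset whether or not entity substitution took place, so this check could still pass if `expand_entities => 0` were lost again and `&xxe;` were replaced by the referenced file's contents. A more direct assertion is that the reference itself is left unexpanded, e.g. `ok(scalar($XML_DOC->toString()), qr/<title>&xxe;<\/title>/);`, added alongside (or in place of) the `$sys_line` match; Test.pm's `ok($got, qr//)` form already supports this. The `# TEST` comment above it would then read more accurately as `# TEST expand_entities => 0 survives _clone() (load_xml): &xxe; is not substituted`. Note that `sub _clone` begins before the inner hunk at LibXML.pm:391, so whether `$new` is fully constructed before the direct `XML_LIBXML_PARSER_OPTIONS` assignment cannot be confirmed from this patch alone.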